Section: .. / Last 50 Advisory Files /
| /// File Name: | DDIVRT-2008-15.txt | Description:
| The iPhone Configuration Web Utility 1.0 for Windows web interface is vulnerable to a common web directory traversal attack. Successful exploitation will result in arbitrary read-onlyfile access outside of the iPhone Configuration Web Utility 1.0 web root. | | Author: | Corey LeBleu,r@b13$ | | Homepage: | http://www.digitaldefense.net/ | | File Size: | 1066 | | Last Modified: | Nov 21 16:18:46 2008 | | MD5 Checksum: | 07526dbd17f8e037041006f8815ffe08 |
|
| /// File Name: | openssh-cbc-adv.txt | Description:
| The OpenSSH team has been made aware of an attack against the SSH protocol version 2 by researchers at the University of London. Unfortunately, due to the report lacking any detailed technical description of the attack and CPNI's unwillingness to share necessary information, they are unable to properly assess its impact. | | Homepage: | http://www.openssh.com/ | | File Size: | 2506 | | Last Modified: | Nov 21 16:17:37 2008 | | MD5 Checksum: | d2688c59ac428caddd0526bb0979ec68 |
|
| /// File Name: | ZDI-08-076.txt | Description:
| A vulnerability allows remote attackers to retrieve arbitrary files on systems with vulnerable installations of EMC Control Center SAN Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the SAN Manager Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_SENDFILE requests the service does not validate the requestor allowing any remote attacker to download arbitrary files. | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3322 | | Last Modified: | Nov 20 18:26:11 2008 | | MD5 Checksum: | 674545c3d3f0885dd630ad4bf3b66bd8 |
|
| /// File Name: | ZDI-08-075.txt | Description:
| A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC Control Center SAN Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the SAN Manager Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_CTGTRANS requests the process copies packet data into a fixed length stack buffer. Exploitation allows for arbitrary code execution under the context of the SYSTEM user. | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3366 | | Last Modified: | Nov 20 18:24:55 2008 | | MD5 Checksum: | baf5fcd61ddfffefe825752a5e5f8532 |
|
| /// File Name: | MDVSA-2008-233.txt | Description:
| Mandriva Linux Security Advisory 2008-233 - A heap overflow was found in the CDDB retrieval code of libcdaudio, which could result in the execution of arbitrary code. In addition, the fixes for were not applied to newer libcdaudio packages as shipped with Mandriva Linux, so the patch to fix that issue has been applied to 2008.1 and 2009.0 (this was originally fixed in MDKSA-2005:075). This issue is a buffer overflow flaw found by Joseph VanAndel. Corporate 3.0 has this fix already applied. The updated packages have been patched to prevent these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4191 | | Related CVE(s): | CVE-2005-0706, CVE-2008-5030 | | Last Modified: | Nov 20 18:16:55 2008 | | MD5 Checksum: | 9c756b2e28e8d3771c77fdb2f9600b6d |
|
| /// File Name: | SSRT080059.txt | Description:
| HP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM).The vulnerabilities could be exploited remotely to allow cross site scripting (XSS). | | Homepage: | http://www.hp.com/ | | File Size: | 7471 | | Related CVE(s): | CVE-2007-6388, CVE-2007-5000 | | Last Modified: | Nov 20 14:21:09 2008 | | MD5 Checksum: | 95772fbd64f5296b53746839ca3c082f |
|
| /// File Name: | MDVSA-2008-232.txt | Description:
| Mandriva Linux Security Advisory 2008-232 - The ACL plugin in dovecot prior to version 1.1.4 treated negative access rights as though they were positive access rights, which allowed attackers to bypass intended access restrictions. The ACL plugin in dovecot prior to version 1.1.6 allowed attackers to bypass intended access restrictions by using the 'k' right to create unauthorized 'parent/child/child' mailboxes. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4496 | | Related CVE(s): | CVE-2008-4577, CVE-2008-4578 | | Last Modified: | Nov 19 18:47:25 2008 | | MD5 Checksum: | 74d6e20e2de494366564f42bf606f8cb |
|
| /// File Name: | USN-674-1.txt | Description:
| Ubuntu Security Notice USN-674-1 - It was discovered that the hpssd tool of hplip did not validate privileges in the alert-mailing function. A local attacker could exploit this to gain privileges and send e-mail messages from the account of the hplip user. This update alters hplip behavior by preventing users from setting alerts and by moving alert configuration to a root-controlled /etc/hp/alerts.conf file. It was discovered that the hpssd tool of hplip did not correctly handle certain commands. A local attacker could use a specially crafted packet to crash hpssd, leading to a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 10985 | | Related CVE(s): | CVE-2008-2940, CVE-2008-2941 | | Last Modified: | Nov 19 18:46:56 2008 | | MD5 Checksum: | 40785ad48c0633533c0dbc0debeac5a5 |
|
| /// File Name: | PR08-09.txt | Description:
| An unauthenticated file retrieval vulnerability exists on the Sun Java System Identity Manager. | | Author: | Richard Brain | | Homepage: | http://www.procheckup.com/ | | File Size: | 2315 | | Last Modified: | Nov 19 18:15:41 2008 | | MD5 Checksum: | 027955185dafd3359535c914e02f64fa |
|
| /// File Name: | secunia-streamripper.txt | Description:
| Secunia Research has discovered some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user's system. Version 1.63.5 is affected. | | Author: | Stefan Cornelius | | Homepage: | http://secunia.com/ | | File Size: | 4581 | | Related CVE(s): | CVE-2008-4829 | | Last Modified: | Nov 19 17:55:36 2008 | | MD5 Checksum: | 2a667b6f5ea4090920bfdfceb7fa6c61 |
|
| /// File Name: | tonline-multi.txt | Description:
| The T-Online software offered by Deutsche Telekom installs and includes the use of vulnerable DLLs. | | Author: | Stefan Kanthak | | File Size: | 2364 | | Last Modified: | Nov 19 17:52:19 2008 | | MD5 Checksum: | 4f545cb45287d94079f395be11241a87 |
|
| /// File Name: | MDVSA-2008-231.txt | Description:
| Mandriva Linux Security Advisory 2008-231 - Drew Yaro of the Apple Product Security Team found two flaws in libxml2. The first is a denial of service flaw in libxml2's XML parser. If an application linked against libxml2 were to process certain malformed XML content, it cause the application to enter an infinite loop. The second is an integer overflow that caused a heap-based buffer overflow in libxml2's XML parser. If an application linked against libxml2 were to process certain malformed XML content, it could cause the application to crash or possibly execute arbitrary code. The updated packages have been patched to correct these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7546 | | Related CVE(s): | CVE-2008-4225, CVE-2008-4226 | | Last Modified: | Nov 18 20:11:30 2008 | | MD5 Checksum: | 3c2bacdc0c614a94c24a9030e3f7f962 |
|
| /// File Name: | USN-673-1.txt | Description:
| Ubuntu Security Notice USN-673-1 - Drew Yao discovered that libxml2 did not correctly handle certain corrupt XML documents. If a user or automated system were tricked into processing a malicious XML document, a remote attacker could cause applications linked against libxml2 to enter an infinite loop, leading to a denial of service. Drew Yao discovered that libxml2 did not correctly handle large memory allocations. If a user or automated system were tricked into processing a very large XML document, a remote attacker could cause applications linked against libxml2 to crash, leading to a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 25774 | | Related CVE(s): | CVE-2008-4225, CVE-2008-4226 | | Last Modified: | Nov 18 20:10:50 2008 | | MD5 Checksum: | 64f6a2da847d9cc80f75dd91c5ce02f7 |
|
| /// File Name: | CESA-2008-009.html | Description:
| Firefox versions 2.0.0.18 and below and WebKit nightly are affected by a cross-domain arbitrary image theft vulnerability. | | Author: | Chris Evans | | File Size: | 3011 | | Related CVE(s): | CVE-2008-5012 | | Last Modified: | Nov 18 19:31:05 2008 | | MD5 Checksum: | a5218b3dbe84d9457e5d725d2e5b90c9 |
|
| /// File Name: | SSRT080164.txt | Description:
| HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin. | | Homepage: | http://www.hp.com/ | | File Size: | 9279 | | Related CVE(s): | CVE-2008-4250, CVE-2008-4037, CVE-2007-0099, CVE-2008-4029, CVE-2008-4033 | | Last Modified: | Nov 18 19:25:40 2008 | | MD5 Checksum: | af2cc68c5723cced78fc00d623c7ba29 |
|
| /// File Name: | USN-672-1.txt | Description:
| Ubuntu Security Notice USN-672-1 - Moritz Jodeit discovered that ClamAV did not correctly handle certain strings when examining a VBA project. If a remote attacker tricked ClamAV into processing a malicious VBA file, ClamAV would crash, leading to a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 7596 | | Related CVE(s): | CVE-2008-5050 | | Last Modified: | Nov 18 01:07:08 2008 | | MD5 Checksum: | 157f26b3a109779716d5541904cd8ff7 |
|
| /// File Name: | USN-667-1.txt | Description:
| Ubuntu Security Notice USN-667-1 - A large amount of vulnerabilities have been addressed in Firefox. Flaws such as information disclosure, bypassing of same-origin checks, arbitrary code execution, and more exist in prior versions. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 43945 | | Related CVE(s): | CVE-2008-0017, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013CVE-2008-5014, CVE-2008-5015, CVE-2008-5016, CVE-2008-5017CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022CVE-2008-5023, CVE-2008-5024 | | Last Modified: | Nov 18 00:55:01 2008 | | MD5 Checksum: | d2b66e3a70af631dd3be6f985f566dab |
|
| /// File Name: | MDVSA-2008-230.txt | Description:
| Mandriva Linux Security Advisory 2008-230 - Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 3.x, version 3.0.4. This update provides the latest Mozilla Firefox 3.x to correct these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 22570 | | Related CVE(s): | CVE-2008-0017, CVE-2008-5014, CVE-2008-5015, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024 | | Last Modified: | Nov 18 00:32:31 2008 | | MD5 Checksum: | 19a0df874c10f5c60f644926fc593b96 |
|
| /// File Name: | MDVSA-2008-227-1.txt | Description:
| Mandriva Linux Security Advisory 2008-227-1 - Martin von Gagern found a flow in how GnuTLS versions 1.2.4 up until 2.6.1 verified certificate chains provided by a server. A malicious server could use this flaw to spoof its identity by tricking client applications that used the GnuTLS library to trust invalid certificates. It was found that the previously-published patch to correct this issue caused a regression when dealing with self-signed certificates. An updated patch that fixes the security issue and resolves the regression issue has been applied to these packages. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4825 | | Related CVE(s): | CVE-2008-4989 | | Last Modified: | Nov 18 00:31:55 2008 | | MD5 Checksum: | 40011f3af8744a4c252822a6224dcf76 |
|
| /// File Name: | USN-671-1.txt | Description:
| Ubuntu Security Notice USN-671-1 - It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behavior by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. It was discovered that MySQL did not handle empty bit-string literals properly. An attacker could exploit this problem and cause the MySQL server to crash, leading to a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 14865 | | Related CVE(s): | CVE-2008-2079, CVE-2008-3963, CVE-2008-4097, CVE-2008-4098 | | Last Modified: | Nov 17 21:23:59 2008 | | MD5 Checksum: | 39c3cf301a96c689c184b762d83dedd8 |
|
| /// File Name: | glsa-200811-05.txt | Description:
| Gentoo Linux Security Advisory GLSA 200811-05 - PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code. Versions less than 5.2.6-r6 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 6084 | | Related CVE(s): | CVE-2008-0599, CVE-2008-0674, CVE-2008-1384, CVE-2008-2050, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660 | | Last Modified: | Nov 16 19:22:36 2008 | | MD5 Checksum: | 8207fb94feefdc04cf3ecc1ec20920f1 |
|
| /// File Name: | MDVSA-2008-229.txt | Description:
| Mandriva Linux Security Advisory - An off-by-one error was found in ClamAV versions prior to 0.94.1 that could allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted VBA project file. Other bugs have also been corrected in 0.94.1 which is being provided with this update. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7678 | | Related CVE(s): | CVE-2008-5050 | | Last Modified: | Nov 15 18:37:28 2008 | | MD5 Checksum: | a46725972b446a48446465b5b1f6837b |
|
| /// File Name: | TA08-319A.txt | Description:
| Technical Cyber Security Alert TA08-319A - New versions of Firefox, Thunderbird, and SeaMonkey address several vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code on an affected system. | | Homepage: | http://www.us-cert.gov/ | | File Size: | 3446 | | Last Modified: | Nov 14 16:00:20 2008 | | MD5 Checksum: | a83fdeda6a32e1a008c98fbd8ac6de73 |
|
| /// File Name: | PSA08-010.txt | Description:
| Portcullis Security Advisory - An information disclosure vulnerability exists in the manner that Microsoft LDAP server responds when binding to the LDAP server. In the case when an invalid password is provided, the server will respond with result code 49 (invalidCredentials) and an error message. A different error message is returned if an invalid username is provided. | | Author: | Bernardo Damele | | Homepage: | http://www.portcullis-security.com/ | | File Size: | 3894 | | Last Modified: | Nov 14 15:50:59 2008 | | MD5 Checksum: | 2a35a98673bd56e5bf65fbff37539fdc |
|
| /// File Name: | PSA08-009.txt | Description:
| Portcullis Security Advisory - By sending crafted packets to ports on the Checkpoint VPN-1 which are mapped by port address translation (PAT) to ports on internal devices, information about the internal network may be disclosed in the resulting ICMP error packets. | | Author: | Mark Lowe,Tim Brown | | Homepage: | http://www.portcullis-security.com/ | | File Size: | 2933 | | Last Modified: | Nov 14 15:41:44 2008 | | MD5 Checksum: | 1b7d691c337938227fedd8e13cfb47cd |
|
| /// File Name: | PLSA-2008-71.txt | Description:
| Pardus Linux Security Advisory 2008-71 -ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the `clamd' process by sending an email with a prepared attachment. | | Author: | Pardus Linux | | File Size: | 1521 | | Last Modified: | Nov 14 15:37:38 2008 | | MD5 Checksum: | 27aaa45d926a27a8397aab617e52a3fe |
|
| /// File Name: | PLSA-2008-70.txt | Description:
| Pardus Linux Security Advisory 2008-70 -A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error when validating the X.509 certificate chain and can be exploited to spoof arbitrary names e.g. during a Man-in-the-Middle (MitM) attack. | | Author: | Pardus Linux | | File Size: | 1488 | | Related CVE(s): | CVE-2008-4989 | | Last Modified: | Nov 14 15:35:04 2008 | | MD5 Checksum: | 8fb670a8ebee5e9608715fcd9804fba7 |
|
| /// File Name: | MDVSA-2008-228.txt | Description:
| Mandriva Linux Security Advisory - Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 2.x, version 2.0.0.18. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 61149 | | Related CVE(s): | CVE-2008-0017, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024, CVE-2008-5052 | | Last Modified: | Nov 14 14:52:12 2008 | | MD5 Checksum: | 04ad2cf66bb646814b4b89a805925bf5 |
|
| /// File Name: | USN-670-1.txt | Description:
| Ubuntu Security Notice USN-670-1 -Mathias Gug discovered that vm-builder improperly set the root password when creating virtual machines. An attacker could exploit this to gain root privileges to the virtual machine by using a predictable password. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 11139 | | Last Modified: | Nov 14 14:43:29 2008 | | MD5 Checksum: | def0d8cb5eb6e5552e07c045b4d93473 |
|
| /// File Name: | shatter-ltadm.txt | Description:
| Team SHATTER Security Advisory - Oracle Database provides the "LTADM" PL/SQL package that is part of the Oracle Workspace Manager component. This package has instances of SQL Injection in COMPRESSSTATE and GOTOTS procedures. | | Author: | Esteban Martinez Fayo | | Homepage: | http://www.appsecinc.com/ | | File Size: | 2724 | | Related CVE(s): | CVE-2008-3994 | | Last Modified: | Nov 13 19:02:17 2008 | | MD5 Checksum: | 79575c04561c6f6d1500323c9a4398af |
|
| /// File Name: | shatter-change.txt | Description:
| Team SHATTER Security Advisory - The PL/SQL package DBMS_CDC_PUBLISH owned by SYS has an instance of SQL Injection in the ALTER_AUTOLOG_CHANGE_SOURCE procedure. A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user. Any Oracle database user with EXECUTE privilege on the package SYS.DBMS_CDC_PUBLISH can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege. Exploitation of this vulnerability allows an attacker to execute SQL commands with SYS privileges. | | Author: | Esteban Martinez Fayo | | Homepage: | http://www.appsecinc.com/ | | File Size: | 2440 | | Related CVE(s): | CVE-2008-3995 | | Last Modified: | Nov 13 18:59:16 2008 | | MD5 Checksum: | 4b63b8affb63460b0184537068a8402b |
|
| /// File Name: | shatter-internal.txt | Description:
| Team SHATTER Security Advisory - The PL/SQL package DBMS_CDC_IPUBLISH owned by SYS has an instance of SQL Injection in the ALTER_HOTLOG_INTERNAL_CSOURCE procedure. A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user. Any Oracle database user with EXECUTE privilege on the package SYS.DBMS_CDC_IPUBLISH can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege. Exploitation of this vulnerability allows an attacker to execute SQL commands with SYS privileges. | | Author: | Esteban Martinez Fayo | | Homepage: | http://www.appsecinc.com/ | | File Size: | 2449 | | Related CVE(s): | CVE-2008-3996 | | Last Modified: | Nov 13 18:56:58 2008 | | MD5 Checksum: | 037b8cf8c0eabfea238dd83452c7a1a9 |
|
| /// File Name: | MDVSA-2008-227.txt | Description:
| Mandriva Linux Security Advisory - Martin von Gagern found a flow in how GnuTLS versions 1.2.4 up until 2.6.1 verified certificate chains provided by a server. A malicious server could use this flaw to spoof its identity by tricking client applications that used the GnuTLS library to trust invalid certificates. The updated packages have been patched to correct this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4351 | | Related CVE(s): | CVE-2008-4989 | | Last Modified: | Nov 13 18:56:02 2008 | | MD5 Checksum: | 4887633167f84cbdee2a6116a020fc50 |
|
| /// File Name: | dsa-1665-1.txt | Description:
| Debian Security Advisory 1665-1 -It was discovered that a heap overflow in the CDDB retrieval code of libcdaudio, a library for controlling a CD-ROM when playing audio CDs, may result in the execution of arbitrary code. | | Homepage: | http://www.debian.org/security | | File Size: | 6607 | | Related CVE(s): | CVE-2008-5030 | | Last Modified: | Nov 12 19:30:20 2008 | | MD5 Checksum: | f3b45fc3667a88145d94c510e33c3a76 |
|
| /// File Name: | SSRT080161.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP Service Manager version 7.01. The vulnerability could be exploited to gain extended privileges. | | Homepage: | http://www.hp.com/ | | File Size: | 6770 | | Related CVE(s): | CVE-2008-4415 | | Last Modified: | Nov 12 19:29:04 2008 | | MD5 Checksum: | 89910c56b69b8c1831565003f8fd479f |
|
| /// File Name: | TA08-316A.txt | Description:
| Technical Cyber Security Alert TA08-316A - As part of the Microsoft Security Bulletin Summary for November 2008, Microsoft released updates to address vulnerabilities that affect Microsoft Windows, Microsoft Office, and Microsoft XML Core Services. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. | | Homepage: | http://www.us-cert.gov/ | | File Size: | 2657 | | Last Modified: | Nov 11 17:55:46 2008 | | MD5 Checksum: | 7375d08275b077e41d1e08be4c5cbdab |
|
| /// File Name: | smcfancontrol-overflows.txt | Description:
| smcFanControl version 2.1.2 for OSX suffers from multiple buffer overflows. | | Author: | Lau KaiJern | | File Size: | 4422 | | Last Modified: | Nov 11 17:53:02 2008 | | MD5 Checksum: | 7aa118c3ca1103d0fe74e6010d091b89 |
|
| /// File Name: | SSRT080121-2.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for HP-UX. The vulnerability could be exploited to create a local unauthorized access. | | Homepage: | http://www.hp.com/ | | File Size: | 7542 | | Related CVE(s): | CVE-2008-4413 | | Last Modified: | Nov 11 17:45:39 2008 | | MD5 Checksum: | 9b2bed34b3ba7cdea1dd554a7ebfb973 |
|
| /// File Name: | PLSA-2008-69.txt | Description:
| Pardus Linux Security Advisory 2008-69 - A vulnerability has been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a memory leak error within the "png_handle_tEXt()" function in pngrutil.c. This can be exploited to potentially exhaust all available memory via a specially crafted PNG image. Versions below 1.2.33-16-6 are affected. | | Author: | Pardus Linux | | File Size: | 1427 | | Last Modified: | Nov 11 16:01:24 2008 | | MD5 Checksum: | a1ca73fef916077319590a28f04a5282 |
|
| /// File Name: | USN-669-1.txt | Description:
| Ubuntu Security Notice USN-669-1 - It was discovered that the notify feature in gnome-screensaver could let a local attacker read the clipboard contents of a locked session by using Ctrl-V.Alan Matsuoka discovered that gnome-screensaver did not properly handle network outages when using a remote authentication service. During a network interruption, or by disconnecting the network cable, a local attacker could gain access to locked sessions. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 4354 | | Related CVE(s): | CVE-2007-6389, CVE-2008-0887 | | Last Modified: | Nov 11 15:59:06 2008 | | MD5 Checksum: | 524a1ab0a333379e3ec3013f9c50f0a3 |
|
| /// File Name: | dsa-1664-1.txt | Description:
| Debian Security Advisory 1664-1 - It was discovered that ekg, a console Gadu Gadu client performs insufficient input sanitising in the code to parse contact descriptions, which may result in denial of service. | | Homepage: | http://www.debian.org/security | | File Size: | 8332 | | Related CVE(s): | CVE-2008-4776 | | Last Modified: | Nov 10 15:36:08 2008 | | MD5 Checksum: | 6da23961952d48b519c84b8699066783 |
|
| /// File Name: | glsa-200811-04.txt | Description:
| Gentoo Linux Security Advisory GLSA 200811-04 - A buffer overflow in Graphviz might lead to user-assisted execution of arbitrary code via a DOT file. Roee Hay reported a stack-based buffer overflow in the push_subg() function in parser.y when processing a DOT file with a large number of Agraph_t elements. Versions less than 2.20.3 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2569 | | Related CVE(s): | CVE-2008-4555 | | Last Modified: | Nov 10 15:16:30 2008 | | MD5 Checksum: | f4d5b78db7972fefee3fbd17bd96ef01 |
|
| /// File Name: | glsa-200811-03.txt | Description:
| Gentoo Linux Security Advisory GLSA 200811-03 - A buffer overflow in FAAD2 might lead to user-assisted execution of arbitrary code via an MP4 file. The ICST-ERCIS (Peking University) reported a heap-based buffer overflow in the decodeMP4file() function in frontend/main.c. Versions less than 2.6.1-r2 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2513 | | Related CVE(s): | CVE-2008-4201 | | Last Modified: | Nov 10 15:16:04 2008 | | MD5 Checksum: | 2bb3416d2d0c94f10151b9c93951b8da |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
